virtual_dj.exe

The application virtual_dj.exe has been detected as a potentially unwanted program by 29 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. This program installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.free-downloadss.com.

MD5: d70ce67b11090210a7c5c2fca60e7556

SHA-1: 16fa1b8be75e8fc91887d280ba5100b5392876db

SHA-256: 23a23d41be610687398b45cd0aed3d28256a23b2e84cb6831e2865c97db23052

Scanner detections: 29 / 68

Status: Potentially unwanted

Explanation: Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date: 12/26/2024 7:48:28 PM UTC (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.Outbrowse.A | 289 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.05.12 |
| avast! | Win32:OutBrowse-HW [PUP] | 2014.9-160420 |
| AVG | OutBrowse | 2017.0.2767 |
| Baidu Antivirus | PUA.Win32.OutBrowse | 4.0.3.16420 |
| Bitdefender | Application.Bundler.Outbrowse.A | 1.0.20.555 |
| Clam AntiVirus | Win.Adware.OutBrowse-4 | 0.98/21511 |
| Comodo Security | Application.Win32.OutBrowse.~B | 22084 |
| Dr.Web | Trojan.Siggen6.33552 | 9.0.1.0111 |
| ESET NOD32 | Win32/OutBrowse.D potentially unwanted (variant) | 10.11611 |
| Fortinet FortiGate | Riskware/NSIS_OutBrowse | 4/20/2016 |
| F-Secure | Application.Bundler.Outbrowse | 11.2016-20-04_4 |
| G Data | Application.Bundler.Outbrowse | 16.4.25 |
| K7 AntiVirus | Trojan | 13.203.15875 |
| Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 14.0.0.332 |
| Malwarebytes | PUP.Optional.Smart | v2016.04.20.02 |
| McAfee | Artemis!D70CE67B1109 | 5600.6423 |
| MicroWorld eScan | Application.Bundler.Outbrowse.A | 17.0.0.333 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.cxaakt | 0.30.24.1357 |
| Panda Antivirus | Trj/CI.A | 16.04.20.02 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Quick Heal | TrojanDownloader.NSIS.OutBrowse.B | 4.16.14.00 |
| Reason Heuristics | PUP.OutBrowse (M) | 16.4.20.14 |
| Sophos | OutBrowse | 4.98 |
| Total Defense | Win32/Tnega.fRTYbOC | 37.1.62.1 |
| Trend Micro House Call | TROJ_GEN.R047B01E715 | 7.2.111 |
| Vba32 AntiVirus | Downloader.OutBrowse | 3.12.26.3 |
| VIPRE Antivirus | OutBrowse | 40154 |

File size: 608.5 KB (623,067 bytes)

File type: Executable application (Win32 EXE)

Installer: NSIS (Nullsoft Scriptable Install System)

Language: Language Neutral

Common path: C:\users\{user}\downloads\virtual_dj.exe

File PE Metadata

Compilation timestamp: 12/5/2009 10:50:52 PM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 6.0

CTPH (ssdeep): 12288:5ck5cWN3aPbD3x6imu00ufz6HSkdxvN+RrA55N2uSgcbUe6Q8SAEe3nTJls:5cGrNKPbDVmH0uf+HSkHl+RsnNFSgcDl

Entry address: 0x30FA

Entry point: 81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler: Nullsoft install system v2.x

Code size: 23.5 KB (24,064 bytes)

The file virtual_dj.exe has been seen being distributed by the following URL.
